0

I am trying to determine the storage encryption status of my Android device from within my application. Following the recommendations of the relevant Android Developer page, here is my code:

DevicePolicyManager mDPM = (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
int encryptionStatus = mDPM.getStorageEncryptionStatus();
if (DEBUG) Log.v(TAG, "checkSecuritySettingsSufficient: encryptionStatus=" + encryptionStatus);

Here's the trouble: when I run this code on a device (I've tried it on a Motorola Droid Maxx running Android 4.4.4 and a Nexus 7 running Android 5.0.2) which I have previously encrypted, DevicePolicyManager.getStorageEncryptionStatus() will always return a value of 1, i.e. ENCRYPTION_STATUS_INACTIVE.

Android is therefore reporting that the device is not encrypted, despite the fact that the file system is definitely encrypted (I checked its status from the Settings > Security page).

Is this function broken? There doesn't seem to be any mention of that on SO or on other web sources. This leads me to believe that I am not doing something correctly with respect to DevicePolicyManager.

UPDATE After running through the encryption steps again with the Motorola device, DevicePolicyManager.getStorageEncryptionStatus() is returning the correct value, but it's still failing on the Nexus 7.

dmon
  • 30,048
  • 8
  • 87
  • 96
Patrick Brennan
  • 2,688
  • 3
  • 20
  • 30

1 Answers1

5

I just ran into this same issue and found out it was happening because the device had disk encryption enabled, but did not require the passcode be entered at startup. Changing the passcode, and forcing the require PIN at startup option to be true made DevicePolicyManager.getStorageEncryptionStatus() correctly return ENCRYPTION_STATUS_ACTIVE.

Mike Brown
  • 66
  • 1
  • 4
  • Yes, apparently this is the case. In our experience as well, getStorageEncryptionStatus returns ENCRYPTION_STATUS_INACTIVE unless *both* encryption is enabled and the PIN code is required. This seems wrong, but this is what we have to work with. – Patrick Brennan Jun 16 '15 at 16:33
  • 1
    With encryption ON but without Pin for start up nexus 6 returns ENCRYPTION_STATUS_ACTIVE_DEFAULT_KEY but Galaxy S7 with Android 6 returns ENCRYPTION_STATUS_ACTIVE – David Oct 27 '16 at 17:54